<?php

class NCore_Port_Filter_MultilineText
{
	protected $re = '/^[ \/a-zA-Z0-9.!@#$%&*:;?()_+=\'"\n\r,\[\]-]+$/';
	
	function __construct($re)
	{
		if(!is_null($re))
		{
			$this->re = $re;
		}
	}
	public function filter($value)
	{
		$valid  = TRUE;
		
		if(!preg_match($this->re, $value)) {
			$valid = FALSE;
		}
		
		if(!$this->test4XSS($value)) {
			$valid = FALSE;
		}
		
		return $valid;
	}
	public function test4XSS($value)
	{
		$xss_hackemes = array(
			'%3c', // < 
			'&lt', // < 
			'pa==',// <
			'&gt', // > 
			'%3E', // >
			'pg==',// > 
			'&quo',// "
			'%22', // "
			'ig==',// "
			'#27', // '
			'jw==',// '
			'&#',  // generally not needed
			'\x',  // generally not needed
			'\u',  // generally not needed
			'javascript',
			'onsubmit',
			'onabort',
			'onblur',
			'onchange',
			'onfocus',
			'onmouse',
			'onload',
			'onreset',
			'onselect',
			'onunload',
			'onerror',
			'onclick',
			'<script'
						);

		$lcValue = strtolower($value);
		
		foreach($xss_hackemes as $hackeme)
		{
			if(strpos($lcValue, $hackeme)===false) {
				continue;
			} else {
				return FALSE; 
			}
		}
		
		return TRUE;
	}
}

?>